Achieving key privacy without losing CCA security in proxy re-encryption

In proxy re-encryption (PRE), a semi-trusted proxy can transform a ciphertext under the delegator's public key into another ciphertext that the delegatee can decrypt by his/her own private key. However, the proxy cannot access the plaintext. Due to its transformation property, proxy re-encryption can be used in many applications, such as encrypted email forwarding. Some of these applications require that the underlying PRE scheme is CCA-secure and key-private. However, to the best of our knowledge, none of the existing PRE schemes satisfy this security requirement in the standard model. In this paper, based on the 5-Extended Decision Bilinear Diffie–Hellman assumption and Decision Diffie–Hellman assumption, we propose the first such PRE scheme, which solves an open problem left by Ateniese et al. (2009).

► A proxy re-encryption scheme with two security properties is proposed. In particular, it holds chosen ciphertext security (CCA security) and key privacy.
► We give the security proofs in standard model based on the 5-Extended Decision Bilinear Diffie-Hellman assumption and Decision Diffie-Hellman assumption.
► An application named ‘anonymous sharing’ for the proposed scheme is proposed.